As long as Fortnite: Battle Royale keeps raking in the dough, there will be people looking for ways to exploit the gullible, greedy, and stupid. Check Point Research discovered a new way for this to happen, using some of Epic Games’ sub-domains. The result: a security threat that had the potential to expose the user information for all 200 million Fortnite players.

As the video from Check Point Research below summarizes, all you had to do was click on a link promising you free V-Bucks — which you should never, ever do — and that would allow the attacker to collect your login credentials, even without you providing them manually. This allowed the attacker to log into the victim’s account and use their credit card or listen in on voice communications.

Check Point Research has notified Epic of the vulnerability, which has since been addressed. You can read the full technical discussion on the methodology on the CPR site. And again: Don’t fall for any “free V-Bucks!” scam, OK?

Jason Winter is a veteran gaming journalist, he brings a wide range of experience to MMOBomb, including two years with Beckett Media where he served as the editor of the leading gaming magazine Massive Online Gamer. He has also written professionally for several gaming websites.

LEAVE A REPLY

Please enter your comment!
Please enter your name here